
JSP : JSTL's <c:out> tag


c:out escapes HTML characters so that you can avoid cross-site scripting.

If person.name = <script>alert("Yo")</script>

the script will be executed in the second case, but not when using c:out.


As Will Wagner said, in old versions of JSP you should always use c:out to output dynamic text.

Moreover, using this syntax:

<c:out value="${person.name}">No name</c:out>

you can display the text "No name" when name is null.


c:out also has an attribute for assigning a default value if the value of person.name happens to be null.

Source: out (TLDDoc Generated Documentation)
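
An added example, not part of the original answers: a JSP page that renders the same constructed value with raw EL and with c:out, and shows the null default described above. It assumes a JSP 2.0+ container with JSTL 1.1+ available; the variable names `name` and `unsetName` are made up for illustration.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>

<%-- Constructed sample data standing in for untrusted input such as person.name --%>
<c:set var="name" value='<script>alert("Yo")</script>' />

<ul>
  <%-- Unsafe: raw EL in template text is written as-is, so the markup reaches the browser --%>
  <li>${name}</li>

  <%-- Escaped: c:out encodes < > & ' " as entities (escapeXml defaults to true) --%>
  <li><c:out value="${name}" /></li>

  <%-- Same escaping as an EL function, convenient inside an HTML attribute value --%>
  <li><input type="text" value="${fn:escapeXml(name)}" /></li>

  <%-- unsetName is never defined, so it evaluates to null and the default is printed --%>
  <li><c:out value="${unsetName}">No name</c:out></li>
  <li><c:out value="${unsetName}" default="No name" /></li>

  <%-- escapeXml="false" switches the encoding off; output matches the raw EL line --%>
  <li><c:out value="${name}" escapeXml="false" /></li>
</ul>
```

When reviewing templates, any `${...}` in template text and any `escapeXml="false"` are the places to check that the value is not user-controlled.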